Kan vara tillgänglig
(Uppdaterat 2023-04-01)Systemutvecklare
Goteborg, Sweden
Modersmål Svenska, English, Mellan German
- Flerårig erfarenhet inom JavaScript/Node.js/TypeScript
- Flerårig erfarenhet av Java/Haskell/Erlang/Python
- 7 års erfarenhet av forskning inom webbsäkerhet
Kompetenser (44)
Linux
R&D
Research
JavaScript
Information-Flow Control
TEACHING
DOM
TEAM PLAYER
Dynamic Analysis
Puppeteer
Cyber Security
Static Analysis
Git
COMPUTER SECURITY
Java
PHP
Handlebars
TypeScript
TDD
MENTOR
WebAssembly
INSTRUMENTATION
Node.js
Flask
HTML
Scrum
WEB SECURITY
Python
Scala
MySQL
coq
Docker
CSS
AWS
Data Structures
Erlang
PostgreSQL
oraclesql
Haskell
agda
C#/.NET
C
promela
C++
Sammanfattning
Alexander is a hard worker with a PhD who has a strong drive and a penchant for problem-solving. With a background in academia, Alexander is a fast learner who has embraced being curious while always striving to gain more knowledge.
Alexander thoroughly enjoys working alongside and together with other people. During his time in academia, Alexander has been praised in evaluations from students for his work when he taught courses, mentored students, supervised a thesis, and supervised lab sessions, showing communicating about complex concepts is easy for him.
While being a methodological and analytical developer, Alexander is not afraid to dive into the nitty gritty parts of a system; each part is important for the greater goal of solving the problem!
Alexander takes great pride in crafting rigorous solutions, systems, and tools that help other people, which was the driving force in his research in web security and privacy.
Professionell bakgrund
2024-12 - Pågående
2021-01 - 2023-01
I worked on tools for static analysis for verifying security properties in WebAssembly, ranging from a security type system for secure information-flow to using the HoRSt framework that takes a specification of Horn clauses and produces an output to be used in conjunction with the theorem prover Z3.
While at TU Wien, I mainly extended HoRSt, which is written in Java, while also using Git, Gitlab, and TDD by both self-implemented tests, but also incorporating the official WebAssembly test suite to be used for feature and regression testing. We also used the Score method (Scrum for research) throughout my time at TU Wien.
I also taught on courses for formal methods for security as well as basic web security.
2019-06 - 2019-09
I worked on implementing PageGraph, a browser instrumentation for Blink and V8 to generate a graph over the page execution to attribute DOM modifications, network requests, script execution, and privacy-related API accesses to the responsible script. PageGraph was developed alongside two other interns and our mentor. It was used alongside a machine-learning approach to detect ads on web pages, and the graph was traversed to find the best resource to block to prevent the ads from loading.
As Blink and V8 is part of Chromium, PageGraph is implemented in C++ and I had to dig around and get comfortable in the large codebase that is Chromium in a brief period of time. Similarly, as the code base is large, we used sccache for faster builds. The machine learning as well as the tool to traverse the graph was written in Python, while the crawler to get all images was written in JavaScript with the puppeteer library and a PostgreSQL database for storing information from the crawling. The version control was Git and we used AWS for storing the crawled images.
2015-08 - 2020-07
My thesis on the topics of language-based security and web security was successfully defended. The research was on how to allow for dynamic information-flow control (IFC) in languages not designed for IFC, and how to give users more control of their data; be it from blocking unwanted privacy-invasive content to limiting the effects installed software can have to identify users online.
Throughout my time as a PhD student, I mainly worked in JavaScript and TypeScript for implementation on the interpreter JSFlow, Haskell to create prototypes to test ideas, and Python for some crawling and analysis. While working on JSFlow, we used both manual tests to test new features as well as an official test suite for the SpiderMonkey JavaScript engine. This test suite was used with Semaphore CI to do regression testing when pushing to the repo. I also used Docker to do builds with older libraries.
For teaching, I supervised one MSc. thesis and taught courses on language-based security, concurrency, parallelism, object-oriented programming, data structures, and functional programming.
Akademisk bakgrund
2015-08 - 2020-07
2012-08 - 2015-02
2009-08 - 2012-08